背景说明
之前自己写了一个Web日志工具,使用Spring MVC+mybatis进行实现。由于我自己一天到晚都要使用,而有时页面会放在那里一段时间,就常会遇到session过期后跳转到登陆界面进行登陆。但是登陆后是转向了一个默认界面,这样我每次都还在多一次点击才能来到目标页面。于是,我必须要解决登陆之后跳转到前一个页面的问题以提高效率。
首先,我使用了SessionFilter对Session进行过滤,在Session过期时就会在这个方法中转向到login界面。
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpSession session = ((HttpServletRequest) request).getSession();
HttpServletResponse rep = (HttpServletResponse) response;
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURI();
if (url.contains("user/login")
|| url.endsWith(".css")
|| url.endsWith(".js")
|| url.endsWith(".png")
|| url.endsWith(".jpg")) {
chain.doFilter(request, response);
} else if ((session == null || session.getAttribute("user") == null)) {
rep.sendRedirect(req.getContextPath() + "/user/login);
} else {
chain.doFilter(request, response);
}
}
然后,在LoginController中分GET和POST对用户登陆进行处理。
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login() {
final ModelAndView m = new ModelAndView("login");
return m;
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ModelAndView login(HttpSession session, String userName, String password) {
ReturnStatus rs = service.login(userName, MD5Tool.getMD5(password.getBytes()));
if (rs.getCode() == 1) {
session.setAttribute("user", service.get(userName));
return new ModelAndView("redirect:/task/week");
} else {
final ModelAndView m = new ModelAndView("login");
m.addObject("message", "用户名或者密码不正确,请重新输入");
return m;
}
}
解决方案
我首先想到的就是在filter中转向到login页面时,将登陆成功后要转向的页面fromUrl传过去。假设原始链接是:http://localhost:8084/personal/task/update?id=DTASK1167778733413045&mode=week。
req.getRequestURI(),获取到的是/personal/task/update,不带query string,不符合req.getRequestURL(),获取到的是http://localhost:8084/personal/task/update,也不带query string,不符合- 于是我百度了一下,找到一下方法可以获得完整的请求url(http://localhost:8084/personal/task/update?id=DTASK1167778733413045&mode=week),但是遗憾的是POST过来的数据还是无法
-
public static String getUrl(HttpServletRequest req) { String reqUrl = req.getRequestURL().toString(); String queryString = req.getQueryString(); if (queryString != null) { reqUrl += "?" + queryString; } return reqUrl; }
-
- 我试图从request中把POST过来的数据设置到response的Header中,但是在login页面经过SpringMVC后再次分发我又不会(感觉会很麻烦)
-
private void setHeader(HttpServletRequest req, HttpServletResponse rep) { for (Map.Entry<String, String[]> entry : req.getParameterMap().entrySet()) { try { String name = entry.getKey(); String value = new String(req.getParameter(name).getBytes("ISO8859-1"), "UTF8"); rep.setHeader(name, value); } catch (UnsupportedEncodingException ex) { Logger.getLogger(SessionFilter.class.getName()).log(Level.SEVERE, null, ex); } } }
-
- 于是决定,在POST的情况下就不再做POST操作,而是转向到POST之前的界面(这样有丢失数据的危险,暂时先这样吧)
-
from Url = req.getHeader("Referer")
-
最终,思路确定如下:Session过滤时,如果是POST过来的,就取前一个页面的url(第5点中的方法),如果是其他请求方式过来的(主要是GET),就使用当前要转向的url(第3点中的方法)。将url通过GET方式传入到login页面后,POST login时也带到后台,待确认登陆成功后转向到该url。
最终代码
SessionFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpSession session = ((HttpServletRequest) request).getSession();
HttpServletResponse rep = (HttpServletResponse) response;
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURI();
if (url.contains("user/login")
|| url.endsWith(".css")
|| url.endsWith(".js")
|| url.endsWith(".png")
|| url.endsWith(".jpg")) {
chain.doFilter(request, response);
} else if ((session == null || session.getAttribute("user") == null)) {
String fromUrl;
if ("POST".equalsIgnoreCase(req.getMethod())) {
fromUrl = req.getHeader("Referer");
} else {
fromUrl = getUrl(req);
}
rep.sendRedirect(req.getContextPath() + "/user/login?fromUrl=" + URLEncoder.encode(fromUrl, "UTF8"));
} else {
chain.doFilter(request, response);
}
}
public static String getUrl(HttpServletRequest req) {
String reqUrl = req.getRequestURL().toString();
String queryString = req.getQueryString();
if (queryString != null) {
reqUrl += "?" + queryString;
}
return reqUrl;
}
LoginController
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(HttpServletRequest request, @RequestParam(defaultValue = "") String fromUrl) {
final ModelAndView m = new ModelAndView("login");
m.addObject("fromUrl", fromUrl);
return m;
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ModelAndView login(HttpSession session, String userName, String password,
@RequestParam(defaultValue = "") String fromUrl) {
ReturnStatus rs = service.login(userName, MD5Tool.getMD5(password.getBytes()));
if (rs.getCode() == 1) {
session.setAttribute("user", service.get(userName));
if (fromUrl.equals("")) {
return new ModelAndView("redirect:/task/week");
} else {
return new ModelAndView("redirect:" + fromUrl);
}
} else {
final ModelAndView m = new ModelAndView("login");
m.addObject("message", "用户名或者密码不正确,请重新输入");
m.addObject("fromUrl", fromUrl);
return m;
}
}
http://www.alanzeng.cn/2016/01/login-redirect/
